Our promise to you

We’re committed to doing the right thing for your money by keeping it secure and delivering services that are in the best interest of you and your wealth.

Our promise to you
Our promise to you

Licensed by the Securities Commission Malaysia

We have a Capital Market Services License (eCMSL/A0352/2018) for Fund Management under the Digital Investment Management framework. With it, we can advise and manage funds for both retail and sophisticated investors. We comply with the same capital, compliance, auditing, and reporting requirements with which most financial institutions in Malaysia also comply.

fund manager top illustrator
We keep our funds separate from yours

As of April 2021, we've raised $61.4 million USD to fund our operations. This money pays our salaries, rent, and bills.
The funds we use for our operations are in a completely separate bank account from your money.

Where is your money kept?

Your money belongs to you, not us. In an unlikely bankruptcy event, any money held in a trust or custodian account can’t be touched.

fund manager main illustrator
For investment portfolios
fund manager leftCardInfo illustrator

Your deposits first go to a Citibank trust account.

fund manager leftCardInfo illustrator

Then, your purchased securities go to a custodian account through Saxo Capital Markets.

For StashAway Simple™
fund manager leftCardInfo illustrator

Your funds are held by HSBC Bank Malaysia Berhad.

You and your money are in safe hands

Withdrawal verification

We’ll always send you email notifications every time you make a transfer or withdrawal.

For your security, any suspicious transfers will be automatically flagged for investigation.

Withdrawal verification

Two-factor authentication

To keep your account secure, we require you to set up two-factor authentication (2-FA) when you sign up.

You’ll also need to enter a one-time password (OTP) whenever you log in from a new device or update your account.

Two-factor authentication

Secure server infrastructure

Your data is protected by a secure server infrastructure that we built and actively manage.

  • Regular whitebox and blackbox testing ensure that cyber attacks wouldn’t compromise our multi-layered defense mechanism
  • Hosted on Amazon Web Services and monitored 24/7
  • Intrusion detection systems and security measures to safeguard your data
Secure server infrastructure

Manage your wealth with confidence

By creating an account, you agree to the Platform Agreement

Download our mobile app

Manage your wealth with confidence
Manage your wealth with confidence

Frequently Asked Questions

We do not outsource customer service to third party providers. All our staff are trained in-house so that we have tighter controls over the onboarding process, and our Client Experience team does not forward customer documents to any other department in the company.

Access to our corporate network is only for authorized personnel and specific devices.  We practice the Principle of Least Privilege, where we only assign just enough access for staff to perform his/her job. Hence only very limited staff has access to customer information.

We have to be compliant with the Personal Data Protection Act and MAS Technology Risk Management (TRM) Guidelines to attain and maintain our Capital Markets Services License.

Your money is kept entirely unmingled with StashAway's finances. To ensure that we never touch your money, we use custodian banks that hold your money, whether it's in cash or in securities.StashAway has made it a top priority to work with global, reputable banks for these purposes. Our custodian bank for receiving your deposits is Citibank Berhad, while Saxo Capital Markets Pte Ltd is our custodian for your investible cash and securities.In these custodian institutions, your assets are always in a segregated account-- one that is separate from StashAway's operations and assets. This means that you will always have full access and claim to your assets no matter what happens to StashAway.

At StashAway, we take security seriously and strive to ensure that while we focus on customer experience, usability and product reliability, it is secured as well. However, nothing is perfect and we encourage the reporting of suspected vulnerabilities or weaknesses in our IT services and systems through our Vulnerability Disclosure Programme (VDP). You can find more information on how to report here.

Please also note that the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer Misuse Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.

View more FAQs